The Resilient Circuits framework helps you write the Python code that performs the integration logic for functions or custom actions by generating a Python package with a boilerplate implementation for the Resilient SOAR Platform.
In this post I will share the details of running multiple Resilient Circuits apps on the same system. resilient-circuits and its additional modules run in a Python environment, so if you want to run multiple circuits on the same machine you need to create independent Python environments on the same box. There are multiple ways to do that; I will share some details for two different techniques in this post.
Python applications will often use packages and modules that don’t come as part of the standard library. Applications will sometimes need a specific version of a library, because the application may require that a particular bug has been fixed or the application may be written using an obsolete version of the library’s interface.
virtualenv is a tool to create isolated Python environments.
Virtualenv Installation on Ubuntu
aokanx@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.2 LTS
aokanx@ubuntu:~$ python3 -V
aokanx@ubuntu:~$ sudo apt install -y python3-pip
aokanx@ubuntu:~$ sudo apt install build-essential libssl-dev libffi-dev python3-dev
aokanx@ubuntu:~$ sudo apt install python3-venv -y
Create and Activate a new venv:
aokanx@ubuntu:~$ python3 -m venv my_test_env1
aokanx@ubuntu:~$ source my_test_env1/bin/activate
(my_test_env1) aokanx@ubuntu:~$ pip3 install setuptools_scm wheel
(my_test_env1) aokanx@ubuntu:~$ pip3 install resilient-circuits
If you want to deactivate the current virtual Python environment, you can use the deactivate command like this:
(my_test_env1) aokanx@ubuntu:~$ deactivate
I created a user for each circuit session and I installed required packages with the same method.
aokanx@ubuntu:~$ sudo useradd -m circuit1
aokanx@ubuntu:~$ sudo usermod -s /bin/bash circuit1
aokanx@ubuntu:~$ sudo su - circuit1
circuit1@ubuntu:~$ python3 -m venv circuit1
circuit1@ubuntu:~$ source circuit1/bin/activate
(circuit1) circuit1@ubuntu:~$ pip3 install setuptools_scm wheel
(circuit1) circuit1@ubuntu:~$ pip3 install resilient-circuits
(circuit1) circuit1@ubuntu:~$ pip3 freeze
You also need some additional configuration.
First, you need to use a different stomp_port number for each circuit; it is defined in the app.config file. You also need to modify the app.config and lock file locations in the ~/dev/dev/lib/python2.7/site-packages/resilient_circuits/app.py file.
Alternatively, instead of modifying the original app.py to configure the lock file as described, you can perform the following in the app.py file which exists in your circuit's home directory:
For more information about this method, you can also check the Resilient documentation.
In this method you need to install an embedded python setup for each circuit environment.
Conda is an open source package management system and environment management system that runs on Windows, macOS, and Linux. Conda quickly installs, runs and updates packages and their dependencies. Conda easily creates, saves, loads, and switches between environments on your local computer. It was created for Python programs but it can package and distribute software for any language.
Miniconda is a free minimal installer for conda. It is a small, bootstrap version of Anaconda that includes only conda, Python, the packages they depend on, and a small number of other useful packages, including pip, zlib and a few others.
For installation you just need to run the script in the user's home directory and follow the instructions.
Each independent user has its own Python (Miniconda) environment, and you can install independent resilient-circuits instances by switching between users.
You need an additional configuration here as well. You should use a different stomp_port number for each circuit; it is defined in the app.config file. Otherwise you can get error messages because the same stomp_port number is used by different circuits.
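To check the stomp_port requirement before starting the circuits, the following added example (not code from this post or from the Resilient project) parses each circuit's app.config and reports any stomp_port value shared by more than one of them. The file paths, host name and [resilient] section contents are constructed sample data.

```python
import configparser
from collections import defaultdict

# Constructed app.config contents for three circuit users (not real settings).
SAMPLE_CONFIGS = {
    "/home/circuit1/app.config": "[resilient]\nhost = soar.example.com\nstomp_port = 65001\n",
    "/home/circuit2/app.config": "[resilient]\nhost = soar.example.com\nstomp_port = 65002\n",
    "/home/circuit3/app.config": "[resilient]\nhost = soar.example.com\nstomp_port = 65001\n",
}


def read_stomp_port(config_text):
    """Return stomp_port from app.config text as an int, or None if it is not set."""
    # interpolation=None reads values literally; config values may contain '%'.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    for section in parser.sections():
        if parser.has_option(section, "stomp_port"):
            value = parser.get(section, "stomp_port").strip()
            if not value.isdigit() or not 1 <= int(value) <= 65535:
                raise ValueError("invalid stomp_port %r in [%s]" % (value, section))
            return int(value)
    return None


def find_conflicts(configs):
    """Map each stomp_port used by more than one config to the sorted paths using it.

    Configs without a stomp_port are grouped under None: they all fall back to
    the same built-in value, so they conflict with each other.
    """
    by_port = defaultdict(list)
    for path, text in configs.items():
        by_port[read_stomp_port(text)].append(path)
    return {port: sorted(paths) for port, paths in by_port.items() if len(paths) > 1}


if __name__ == "__main__":
    for port, paths in find_conflicts(SAMPLE_CONFIGS).items():
        label = "unset (default)" if port is None else port
        print("stomp_port %s is shared by: %s" % (label, ", ".join(paths)))
```

To run it against real files, build the dictionary by reading each circuit user's app.config from disk instead of using SAMPLE_CONFIGS.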